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CLAIMS 

What is claimed is: 



1 1 . A method of managing authorization tokens within a computer 

2 system comprising: 

3 creating a master owner token indicating full ownership of a resource 

4 within the computer system by a management environment; 

5 creating at least one delegate owner token for a delegated environment; 

6 communicating the delegate owner token to the delegated environment 

7 and to the resource; and 

8 allowing access to the resource by the delegated environment when the 

9 delegated environment presents a valid delegate owner token to the resource. 
10 

1 2. The method of claim 1 , further comprising storing the master owner 

2 token in a secure storage within the computer system. 
3 

1 3. The method of claim 1 , wherein the resource comprises a trusted 

2 platform module. 

3 

1 4. The method of claim 1 , wherein the management environment assigns 

2 a delegate owner token to a delegated environment by sealing the delegate 

3 owner token to the delegated environment. 
4 

1 5. The method of claim 1 , wherein the master owner token indicates the 

2 management environment can change at least one of the master owner token 

3 and a delegate owner token. 
4 

1 6. The method of claim 1 , further comprising launching the management 

2 environment before launching the delegated environment. 
3 
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1 7. The method of claim 1 , further comprising storing the delegate owner 

2 token in an access control list in the resource. 
3 

1 8. The method of claim 1 , further comprising removing, by the 

2 management environment, a delegate owner token from the access control list 

3 and adding a different delegate owner token to the access control list. 
4 

1 9. An article comprising: a storage medium having a plurality of machine 

2 readable instructions, wherein when the instructions are executed by a 

3 processor, the instructions provide for managing authorization tokens within a 

4 computer system by 

5 creating a master owner token indicating full ownership of a resource 

6 within the computer system by an administrative environment; 

7 creating at least one delegate owner token for a environment; 

8 communicating the delegate owner token to the environment and to the 

9 resource; and 

10 allowing access to the resource by the environment when the environment 

1 1 presents a valid delegate owner token to the resource. 
12 

1 1 0. The article of claim 9, further comprising instructions for storing the 

2 master owner token in a secure storage within the computer system. 
3 

1 11. The article of claim 9, wherein the resource comprises a trusted 

2 platform module. 
3 

1 12. The article of claim 9, wherein the management environment assigns 

2 a delegate owner token to a delegated environment by sealing the delegate 

3 owner token to the delegated environment. 



4 

5 
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1 1 3. The article of claim 9, wherein the master owner token indicates the 

2 management environment can change at least one of the master owner token 

3 and a delegate owner token. 
4 

1 14. The article of claim 9, further comprising instructions for launching the 

2 management environment before launching the environment. 
3 

1 1 5. The article of claim 9, further comprising instructions for storing the 

2 delegate owner token in an access control list in the resource. 
3 

1 16. The article of claim 9, further comprising instructions for removing, by 

2 the management environment, a delegate owner token from the access control 

3 list and adding a different delegate owner token to the access control list. 
4 

1 1 7. A computer system comprising: 

2 a plurality of environments; 

3 a management environment to create a master owner token indicating full 

4 ownership of a resource within the computer system, to create a plurality of 

5 delegate owner tokens indicating partial ownership of the resource, and to 

6 communicate a selected one of the delegate owner tokens to a selected one of 

7 the plurality of environments and to the resource; 

8 wherein the resource stores delegate owner tokens received from the 

9 management environment and allows access to the resource by the selected 

10 environment when a valid delegate owner token is presented to the resource by 

1 1 the selected environment. 
12 

1 1 8. The computer system of claim 1 7, further comprising a secure 

2 storage to store the master owner token. 
3 

1 19. The computer system of claim 17, wherein the resource comprises a 

2 trusted platform module. 
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3 

1 20. The computer system of claim 1 9, wherein the trusted platform 

2 module comprises an access control list for storing the delegate owner tokens 

3 received from the management environment. 
1 
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